CVE-2021-28168
Description
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.158
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2021-28168 are fixed in GlassFish-jersey-common 2.34 | Windows |
| Vulnerabilities CVE-2021-28168 are fixed in GlassFish-jersey-common 3.0.2 | Windows |
| Vulnerabilities CVE-2021-28168 are fixed in GlassFish-jersey-common for Linux 2.34 | Linux |
| Vulnerabilities CVE-2021-28168 are fixed in GlassFish-jersey-common for Linux 3.0.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234